Critical
User IDs and Passwords should not be Hardcoded
Description
User IDs and passwords should not be hardcoded in PowerBuilder code. Credentials should not appear in the code itself; they should be stored in a separate, secure location instead. This keeps user credentials confidential and secure, and allows them to be updated easily when necessary.
Key Benefits
- Enhanced Security: The "User IDs and Passwords should not be Hardcoded" rule ensures that user credentials are not exposed to malicious actors, providing an extra layer of security.
- Improved Authentication: This rule helps to authenticate users more securely and accurately, reducing the chances of unauthorized access.
- Increased Privacy: By not hardcoding user credentials, user data is kept private and secure, ensuring that only authorized users have access to sensitive information.
- Reduced Risk: By not hardcoding user credentials, the risk of data breaches and other security threats is greatly reduced.
Non-compliant Code Example
SQLCA.DBParm = "ConnectString = 'DSN=Sales;UID=dba@123;PWD=sql1$12'" // Non-compliant code (the password is hardcoded)
// SQLCA is the default global transaction object; a separate one is declared with the transaction type
transaction lnv_SQLCA
lnv_SQLCA = CREATE transaction
lnv_SQLCA.DBParm = "ConnectString = 'DSN=Sales;UID=dba;PWD=sql'" // Non-compliant code (the password is hardcoded)
Compliant Code Example
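// The user ID and password are read from input fields at run time, so no credential is stored in the code
SQLCA.DBParm = "ConnectString = 'DSN=Sales;UID=" + txtuserId.Text + ";PWD=" + txtPassword.Text + "'" // Compliant code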
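
The check below is an added example, not the rule's own implementation or code from the original page: a small Python scanner that reports a DBParm assignment only when a UID or PWD value is written inside a string literal, so the concatenated form in the compliant example passes. The sample input is constructed from the examples above, and the function name and regular expressions are assumptions of this sketch.

```python
import re

# Constructed PowerScript input, modelled on the examples above.
SAMPLE = """\
SQLCA.DBParm = "ConnectString = 'DSN=Sales;UID=dba@123;PWD=sql1$12'" // hardcoded
lnv_SQLCA.DBParm = "ConnectString = 'DSN=Sales;UID=dba;PWD=sql'"
SQLCA.DBParm = "ConnectString = 'DSN=Sales;UID=" + txtuserId.Text + ";PWD=" + txtPassword.Text + "'"
// SQLCA.DBParm = "ConnectString = 'DSN=Sales;UID=old;PWD=old'"
"""

DBPARM = re.compile(r"\bDBParm\s*=", re.IGNORECASE)
# A double- or single-quoted PowerScript literal (~ is the escape
# character), or a // comment that runs to the end of the line.
TOKEN = re.compile(r'"((?:~.|[^"~])*)"|\'((?:~.|[^\'~])*)\'|(//.*)')
# UID= or PWD= followed by a value inside the same literal.
CRED = re.compile(r"\b(UID|PWD)\s*=\s*[^;'\"\s]+", re.IGNORECASE)


def find_hardcoded_credentials(source):
    """Return (line number, key) for every UID/PWD value written as a literal."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if not DBPARM.search(line):
            continue
        for token in TOKEN.finditer(line):
            if token.group(3) is not None:
                break  # the rest of the line is a comment
            literal = token.group(1) if token.group(1) is not None else token.group(2)
            for match in CRED.finditer(literal):
                # Report the key only, so the secret never reaches the report.
                findings.append((lineno, match.group(1).upper()))
    return findings


if __name__ == "__main__":
    for lineno, key in find_hardcoded_credentials(SAMPLE):
        print(f"line {lineno}: hardcoded {key} in DBParm")
```

Commented-out assignments are skipped here because they are not executed; a secret scanner run over the repository would still want to flag them.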